{% set prefix = DEFAULT_CONTAINER_REGISTRY %}
{%- if CONFIGURED_ARCH == "armhf" and MULTIARCH_QEMU_ENVIRON == "y" %}
FROM {{ prefix }}multiarch/qemu-user-static:x86_64-arm-6.1.0-8 as qemu
FROM {{ prefix }}multiarch/debian-debootstrap:armhf-bullseye
COPY --from=qemu /usr/bin/qemu-arm-static /usr/bin
{%- elif CONFIGURED_ARCH == "arm64" and MULTIARCH_QEMU_ENVIRON == "y" %}
FROM {{ prefix }}multiarch/qemu-user-static:x86_64-aarch64-6.1.0-8 as qemu
FROM {{ prefix }}multiarch/debian-debootstrap:arm64-bullseye
COPY --from=qemu /usr/bin/qemu-aarch64-static /usr/bin
{%- elif CONFIGURED_ARCH == "armhf" and CROSS_BUILD_ENVIRON == "y" %}
FROM {{ prefix }}multiarch/qemu-user-static:x86_64-arm-6.1.0-8 as qemu
FROM {{ prefix }}debian:bullseye
COPY --from=qemu /usr/bin/qemu-arm-static /usr/bin
{%- elif CONFIGURED_ARCH == "arm64" and CROSS_BUILD_ENVIRON == "y" %}
FROM {{ prefix }}multiarch/qemu-user-static:x86_64-aarch64-6.1.0-8 as qemu
FROM {{ prefix }}debian:bullseye
COPY --from=qemu /usr/bin/qemu-aarch64-static /usr/bin
{%- else -%}
FROM {{ prefix }}debian:bullseye
{%- endif %}

MAINTAINER gulv@microsoft.com

COPY ["no-check-valid-until", "/etc/apt/apt.conf.d/"]
COPY ["apt-retries-count", "/etc/apt/apt.conf.d"]

{%- if CROSS_BUILD_ENVIRON != "y" %}
COPY ["sources.list.{{ CONFIGURED_ARCH }}", "/etc/apt/sources.list"]
{%- else %}
COPY ["sources.list.amd64", "/etc/apt/sources.list"]
{%- if CONFIGURED_ARCH == "armhf" %}
ARG arch=armhf
ARG gcc_arch=arm-linux-gnueabihf
ARG PYTHON_CROSS_PLATFORM=linux_armv7l
{%- elif CONFIGURED_ARCH == "arm64" %}
ARG arch=arm64
ARG gcc_arch=aarch64-linux-gnu
ARG PYTHON_CROSS_PLATFORM=linux_aarch64
{%- endif %}

RUN dpkg --add-architecture $arch
RUN apt-get update && apt-get install -y eatmydata
RUN eatmydata apt-get install -y crossbuild-essential-$arch
RUN eatmydata apt-get install -y gcc-$gcc_arch

RUN apt-mark hold g++-$gcc_arch
RUN apt-mark hold g++-10-$gcc_arch
RUN apt-mark hold gcc-$gcc_arch
RUN apt-mark hold gcc-10-$gcc_arch

ARG CROSS_CC=${gcc_arch}-gcc
ARG CROSS_CXX=${gcc_arch}-g++
{%- endif %}

## Make apt-get non-interactive
ENV DEBIAN_FRONTEND=noninteractive

{%- if CROSS_BUILD_ENVIRON == "y" %}
RUN eatmydata apt-get install -y python3 python3-pip
RUN apt-get install -y python3-minimal:$arch python3.9:$arch python3:$arch python3-dev:$arch python3-setuptools:$arch
RUN apt-get download python3-distutils && eatmydata dpkg --force-all -i python3-distutils*
RUN apt-get download python3-pip && eatmydata dpkg --force-all -i python3-pip*
RUN which pip3 && pip3 install enum34
RUN pip3 install virtualenv

# Create target arm python3 virtual environments with all required packages installed
RUN mkdir /python_virtualenv
RUN cd /python_virtualenv && python3 -m virtualenv --copies -p /usr/bin/python3 env3

RUN PATH=/python_virtualenv/env3/bin/:$PATH pip3 install setuptools==49.6.00 wheel==0.35.1 fastentrypoints pytest pytest-cov pytest-runner==5.2 nose==1.3.7 mockredispy==2.9.3 mock==3.0.5 PyYAML==5.4.1 redis==3.5.3 pexpect==4.8.0 Pympler==0.8 parameterized natsort==6.2.1 MarkupSafe==2.0.1 Jinja2==3.0.3 click tabulate netaddr netifaces pyroute2 pyfakefs sphinx && ln -s /python_virtualenv/env3/bin/pytest /python_virtualenv/env3/bin/pytest-3

RUN eatmydata apt-get --fix-broken install -y
RUN LIBPYTHON3_DEPS="`apt-cache depends libpython3-dev:$arch |grep Depends|awk {'print \$2;'}|tr "\n" " "`" && eatmydata apt-get install -y libpython2.7-dev:$arch $LIBPYTHON3_DEPS libxml2-dev:$arch libxslt-dev:$arch libssl-dev:$arch libz-dev:$arch

RUN eatmydata apt-get install -y swig libssl-dev

RUN PATH=/python_virtualenv/env3/bin/:$PATH python3 -m pip install pyang==2.4.0
RUN PATH=/python_virtualenv/env3/bin/:$PATH python3 -m pip install pyangbind==0.8.1
RUN PATH=/python_virtualenv/env3/bin/:$PATH python3 -m pip uninstall -y enum34
RUN PATH=/python_virtualenv/env3/bin/:$PATH pip3 install --force-reinstall --no-cache-dir coverage
{%- endif %}

{%- if CONFIGURED_ARCH == "arm64" and MULTIARCH_QEMU_ENVIRON == "y" %}
# multiarch/debian-debootstrap:arm64-bullseye is too old. It needs to install keys
RUN apt-get update || apt-get install -y gnupg
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0E98404D386FA1D9
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 6ED0E7B82643E131
{%- endif %}

RUN apt-get update && apt-get install -y eatmydata && eatmydata apt-get install -y \
        apt-utils \
        default-jre-headless \
        openssh-server \
        curl \
        wget \
        unzip \
        gzip \
        pigz \
        git \
        build-essential \
        remake \
        libtool \
        lintian \
        sudo \
        dh-make \
        dh-exec \
        kmod \
        libtinyxml2-dev \
        python-all \
        python-dev \
        python-setuptools \
        python3 \
        python3-pip \
        libncurses5-dev \
        texinfo \
        dh-autoreconf \
        doxygen \
        devscripts \
        git-buildpackage \
        perl-modules \
        libclass-accessor-perl \
        libswitch-perl \
        libzmq5 \
        libzmq3-dev \
        uuid-dev \
        jq \
        cron \
# For sonic-swss-common
        nlohmann-json3-dev \
# For quagga build
        libreadline-dev \
        texlive-latex-base \
        texlive-plain-generic \
        texlive-fonts-recommended \
        libpam0g-dev \
        libpam-dev \
        libcap-dev \
        imagemagick \
        ghostscript \
        groff \
        libpcre3-dev \
        gawk \
        chrpath \
# For frr build
        libc-ares-dev \
        libsnmp-dev \
        libjson-c-dev \
        libsystemd-dev \
        python3-ipaddr \
        libcmocka-dev \
        libprotobuf-c-dev \
        protobuf-c-compiler \
#{%- if CROSS_BUILD_ENVIRON != "y" %}
        python3-all-dev \
        python3-all-dbg \
#{%- endif %}
        install-info \
        logrotate \
# For libnl3 (local) build
        cdbs \
# For SAI meta build
        libxml-simple-perl \
        graphviz \
        aspell \
# For SAI meta rpc build - make rpc
        libgetopt-long-descriptive-perl \
        libconst-fast-perl \
        libtemplate-perl \
        libnamespace-autoclean-perl \
        libmoose-perl \
        libmoosex-aliases-perl \
# For linux build
        bc \
        fakeroot \
        build-essential \
        devscripts \
        quilt \
        stgit \
        sbsigntool \
# For platform-modules build
        module-assistant \
# For thrift build\
        gem2deb \
        libevent-dev \
        libglib2.0-dev \
#{%- if CROSS_BUILD_ENVIRON != "y" %}
        python3-all-dev \
#{%- endif %}
        python3-twisted \
        phpunit \
        libbit-vector-perl \
        openjdk-11-jdk \
        javahelper \
        maven-debian-helper \
        ant \
        libhttpclient-java \
        libslf4j-java \
        libservlet3.1-java \
        pkg-php-tools \
# For mellanox sdk build
        libpcre3 \
        libpcre3-dev \
        byacc \
        flex \
        libglib2.0-dev \
        bison \
        expat \
        libexpat1-dev \
        dpatch \
        libdb-dev \
        libiptc-dev \
        libxtables-dev \
	libbpf-dev \
# For mellanox sai build
        libtool-bin \
        libxml2-dev \
# For BFN sdk build
        libusb-1.0-0-dev \
        libcurl4-openssl-dev \
        libunwind8-dev \
        telnet \
        libc-ares2 \
        libgoogle-perftools4 \
# For build image
        cpio \
        squashfs-tools \
        zip \
# For broadcom sdk build
{%- if CONFIGURED_ARCH == "amd64" %}
        linux-compiler-gcc-10-x86 \
{%- endif %}
{%- if CONFIGURED_ARCH == "armhf" and CROSS_BUILD_ENVIRON != "y" %}
        linux-compiler-gcc-10-arm \
{%- endif %}
        linux-kbuild-5.10 \
# teamd build
        libdaemon-dev \
        libdbus-1-dev \
        libjansson-dev \
# For cavium sdk build
        libpcap-dev \
        dnsutils \
        libusb-dev \
# For cisco sdk build
        libgrpc++1 \
        libabsl-dev \
# For debian image reconfiguration
        augeas-tools \
# For p4 build
        libyaml-dev \
        libevent-dev \
        libjudy-dev \
        libedit-dev \
        libnanomsg-dev \
        python3-stdeb \
# For redis build
        libjemalloc-dev \
        liblua5.1-0-dev \
        lua-bitop-dev  \
        lua-cjson-dev \
# For mft kernel module build
        dkms \
# For Jenkins static analysis, unit testing and code coverage
        cppcheck \
        clang \
        pylint \
        python3-pytest \
        python3-venv \
        gcovr \
        python3-pytest-cov \
        python3-pytest-cov \
        python3-parse \
# For snmpd
        default-libmysqlclient-dev \
        libssl-dev \
        libperl-dev \
        libpci-dev \
        libpci3 \
        libsensors5 \
        libsensors4-dev \
        libwrap0-dev \
# For lldpd
	debhelper \
        autotools-dev \
        libbsd-dev \
        pkg-config \
        check \
# For mpdecimal
        docutils-common \
        libjs-sphinxdoc \
        libjs-underscore \
        python3-docutils \
        python3-jinja2 \
        python3-markupsafe \
        python3-pygments \
        python3-roman \
        python3-sphinx \
        sphinx-common \
        python3-sphinx \
# For sonic config engine testing
{%- if CROSS_BUILD_ENVIRON != "y" %}
        python3-dev \
{%- endif %}
{%- if CONFIGURED_ARCH == "armhf" or CONFIGURED_ARCH == "arm64" %}
        libxslt-dev \
{%- endif %}
# For lockfile
        procmail \
# For gtest
        libgtest-dev \
        cmake \
# For gmock
        libgmock-dev \
# For pam_tacplus build
        autoconf-archive \
# For iproute2
        cm-super-minimal \
        libatm1-dev \
        libbpf-dev \
        libelf-dev \
        libmnl-dev \
        libselinux1-dev \
        linuxdoc-tools \
        lynx \
        texlive-latex-extra \
        texlive-latex-recommended \
        iproute2 \
# For bash
        texi2html \
        sharutils \
        locales \
        time \
        man2html-base \
        libcunit1 \
        libcunit1-dev \
# For initramfs
        shellcheck \
        bash-completion \
{%- if CONFIGURED_ARCH == "amd64" %}
# For sonic vs image build
        dosfstools \
        qemu-kvm \
        libvirt-clients \
{%- endif %}
# For ntp
        autogen \
        libopts25-dev \
        pps-tools \
        dh-apparmor \
# For lm-sensors
        librrd8 \
        librrd-dev \
        rrdtool \
# For kdump-tools
        liblzo2-dev \
# For iptables
        libnetfilter-conntrack-dev \
        libnftnl-dev \
# For SAI3.7
        xxd \
# For DHCP Monitor tool
        libexplain-dev \
        libevent-dev \
# For libyang
        swig \
# For build dtb
        device-tree-compiler \
# For sonic-mgmt-framework
        autoconf \
        m4 \
        libxml2-utils \
        xsltproc \
        python3-lxml \
        libexpat1-dev \
        libcurl4 \
        libcjson-dev \
# For WPA supplication
        qtbase5-dev          \
        aspell-en            \
        libssl-dev           \
        dbus                 \
        libdbus-1-dev        \
        libdbus-glib-1-2     \
        libdbus-glib-1-dev   \
        libreadline-dev      \
        libncurses5-dev      \
        libpcsclite-dev      \
        docbook-to-man       \
        docbook-utils        \
# For kdump-tools
        libbz2-dev \
# For linkmgrd
        libboost-dev \
        libboost-program-options-dev \
        libboost-system-dev \
        libboost-serialization1.74-dev \
        libboost-thread-dev \
        libboost-atomic-dev \
        libboost-chrono-dev \
        libboost-container-dev \
        libboost-context-dev \
        libboost-contract-dev \
        libboost-coroutine-dev \
        libboost-date-time-dev \
        libboost-fiber-dev \
        libboost-filesystem-dev \
        libboost-graph-parallel-dev \
        libboost-log-dev \
        libboost-regex-dev \
        googletest \
        libgtest-dev \
        libgmock-dev \
        libgcc-10-dev \
# For sonic-host-services build
        libcairo2-dev \
        libdbus-1-dev \
        libgirepository1.0-dev \
        libsystemd-dev \
        pkg-config \
# For sonic-swss-common build
        libhiredis-dev \
# For audisp-tacplus
        libauparse-dev \
        auditd \
# For protobuf
        dh-elpa \
        xmlto \
        rake-compiler \
        default-jdk \
        libgoogle-gson-java

{%- if CONFIGURED_ARCH != "arm64" and CONFIGURED_ARCH != "armhf" %}
# For DASH BMv2
RUN eatmydata apt install -y \
# For grpc
        libgflags-dev                       \
        libgoogle-perftools-dev             \
        ruby-googleauth                     \
        ruby-googleapis-common-protos-types \
        ruby-simplecov                      \
        cython3                             \
# For p4 libraries
        valgrind \
        thrift-compiler \
        gfortran \
        libopenmpi-dev \
        libthrift-0.13.0 \
        libthrift-dev \
        libboost-all-dev \
        libboost-graph-dev \
        libboost-iostreams-dev \
        libgc-dev \
        tcpdump \
        llvm \
        net-tools \
        python3-pyroute2 \
        python3-ply \
        python3-scapy \
        python3-thrift \
        libabsl20200923 libc-ares2 python3-six libboost-thread1.74.0 libboost-dev libboost-system-dev libboost-thread-dev libboost-filesystem1.74.0 libboost-program-options1.74.0 libboost-thread1.74.0 libnanomsg5 libpcap0.8 libthrift-0.13.0 libboost-dev libboost-filesystem-dev libboost-program-options-dev libgmp-dev libnanomsg-dev libpcap-dev libtool pkg-config libthrift-dev python3-thrift thrift-compiler libboost-iostreams1.74.0 libgc1 cpp libboost-dev libboost-all-dev libboost-graph-dev libboost-iostreams-dev libfl-dev libgc-dev libgmp-dev libbpf-dev tcpdump libelf-dev llvm clang python3-pyroute2 python3-ply python3-scapy python3-setuptools python3-thrift libthrift-0.13.0
{%- endif %}

{%- if CONFIGURED_ARCH == "amd64" %}
# Upgrade CMAKE version
RUN wget https://github.com/Kitware/CMake/releases/download/v3.27.6/cmake-3.27.6-linux-x86_64.sh
RUN chmod +x cmake-3.27.6-linux-x86_64.sh
RUN sudo ./cmake-3.27.6-linux-x86_64.sh --skip-license --prefix=/usr
RUN sudo apt-get update -y
{%- endif %}

{%- if CROSS_BUILD_ENVIRON == "y" %}
# Arm vs. amd64 versions conflict - remove amd64 packages
RUN apt-get remove -y libnl-3-200
RUN eatmydata apt-get install -y libpcre3:$arch
{%- endif %}

RUN eatmydata apt-get -y build-dep openssh

# Build fix for ARM64 and ARMHF /etc/debian_version
{%- if CONFIGURED_ARCH == "armhf" or CONFIGURED_ARCH == "arm64" %}
RUN eatmydata apt upgrade -y base-files libc-bin=$(dpkg-query -W -f '${Version}' libc-bin)
{%- endif %}

# Build fix for ARMHF bullseye libsairedis
{%- if CONFIGURED_ARCH == "armhf" and MULTIARCH_QEMU_ENVIRON == "y" %}
       # Install doxygen build dependency packages
       RUN eatmydata apt install -y libxapian-dev yui-compressor texlive-extra-utils \
           texlive-font-utils rdfind llvm-11-dev libclang-11-dev sassc faketime mat2

       # Update doxygen with 64bit file offset patch
       RUN dget -u http://deb.debian.org/debian/pool/main/d/doxygen/doxygen_1.9.1-2.dsc && \
           cd doxygen-1.9.1 && \
           sed -i '56 a add_definitions(-D_FILE_OFFSET_BITS=64)' CMakeLists.txt && \
           DEB_BUILD_OPTIONS=nocheck dpkg-buildpackage -us -uc -b && \
           cd .. && \
           eatmydata dpkg -i ./doxygen_1.9.1-2_armhf.deb && \
           rm -fr doxygen*

       # Aspell is unable to locate the language dictionaries.
       # Re-installing aspell-en dictionary to fix it.
       RUN eatmydata apt-get install --reinstall -y aspell-en

       # workaround because of https://bugs.launchpad.net/qemu/+bug/1805913, just disable aspell
       # Issue now being tracked here - https://gitlab.com/qemu-project/qemu/-/issues/263
       RUN cp /bin/true /usr/bin/aspell
{%- endif %}

## Config dpkg
## install the configuration file if it’s currently missing
RUN sudo augtool --autosave "set /files/etc/dpkg/dpkg.cfg/force-confmiss"
## combined with confold: overwrite configuration files that you have not modified
RUN sudo augtool --autosave "set /files/etc/dpkg/dpkg.cfg/force-confdef"
## do not modify the current configuration file, the new version is installed with a .dpkg-dist suffix
RUN sudo augtool --autosave "set /files/etc/dpkg/dpkg.cfg/force-confold"

{%- if CROSS_BUILD_ENVIRON != "y" %}
# For linux build
RUN eatmydata apt-get -y build-dep linux
{%- else %}
RUN eatmydata apt-get install -y kernel-wedge
{%- endif %}

# For gobgp and telemetry build
RUN eatmydata apt-get install -y golang-1.15 && ln -s /usr/lib/go-1.15 /usr/local/go
{%- if INCLUDE_FIPS == "y" %}
RUN wget -O golang-go.deb 'https://sonicstorage.blob.core.windows.net/public/fips/bullseye/{{ FIPS_VERSION }}/{{ CONFIGURED_ARCH }}/golang-1.15-go_{{ FIPS_GOLANG_VERSION }}_{{ CONFIGURED_ARCH }}.deb' \
 && wget -O golang-src.deb 'https://sonicstorage.blob.core.windows.net/public/fips/bullseye/{{ FIPS_VERSION }}/{{ CONFIGURED_ARCH }}/golang-1.15-src_{{ FIPS_GOLANG_VERSION }}_{{ CONFIGURED_ARCH }}.deb' \
 && eatmydata dpkg -i golang-go.deb golang-src.deb \
 && ln -sf /usr/lib/go-1.15 /usr/local/go \
 && rm golang-go.deb golang-src.deb
{%- endif %}

RUN pip3 install --upgrade pip==24.2
RUN apt-get purge -y python3-pip python3-yaml

# For building Python packages
RUN pip3 install setuptools==49.6.00
RUN pip3 install setuptools-scm==8.1.0
RUN pip3 install wheel==0.38.1

{%- if CONFIGURED_ARCH == "armhf" %}
# Allow only manylinux wheels on armhf, to ensure that binaries/libraries work correctly on armhf
COPY ["disable-non-manylinux.patch", "/"]
{%- if CROSS_BUILD_ENVIRON == "y" %}
RUN patch -p1 -i /disable-non-manylinux.patch /python_virtualenv/env3/lib/python3.9/site-packages/pip/_vendor/packaging/tags.py
{%- else %}
RUN patch -p1 -i /disable-non-manylinux.patch /usr/local/lib/python3.9/dist-packages/pip/_vendor/packaging/tags.py
{%- endif %}
{%- endif %}

# For building sonic-utilities
RUN pip3 install fastentrypoints mock

# For building sonic_ycabled
# Note: upstream build breaks with old version of setuptools
# ref: https://github.com/grpc/grpc/issues/34569
RUN pip3 install grpcio==1.58.0 grpcio-tools==1.58.0

# For running Python unit tests
RUN pip3 install pytest-runner==5.2
RUN pip3 install nose==1.3.7
RUN pip3 install mockredispy==2.9.3

# Fix CVE-2021-23437, need to build and install libjpeg-dev for armhf for pillow 9.4.0
{%- if CONFIGURED_ARCH == "armhf" %}
RUN TMP_DIR=$(mktemp -d) && \
    cd $TMP_DIR && \
    eatmydata apt-get install -y nasm && \
    apt-get source libjpeg-turbo && \
    cd $(ls -d libjpeg-turbo*/) && \
    dpkg-buildpackage -rfakeroot -b -us -uc > $TMP_DIR/libjpeg-dev.log && \
    eatmydata dpkg -i $TMP_DIR/libjpeg*-dev*.deb && \
    rm -rf $TMP_DIR
{%- endif %}
RUN pip3 install pillow==9.4.0

# For p4 build
RUN pip3 install \
         ctypesgen==1.0.2 \
         crc16

# For sonic config engine testing
# Install pyangbind here, outside sonic-config-engine dependencies, as pyangbind causes enum34 to be installed.
# enum34 causes Python 're' package to not work properly as it redefines an incompatible enum.py module
# https://github.com/robshakir/pyangbind/issues/232
RUN pip3 install pyangbind==0.8.1
RUN pip3 uninstall -y enum34

# For templating
RUN pip3 install j2cli==0.3.10

# For sonic-mgmt-framework
# The option --no-build-isolation can be removed when upgrading PyYAML to 6.0.1
RUN pip3 install "PyYAML==5.4.1" --no-build-isolation
{%- if CROSS_BUILD_ENVIRON != "y" %}
RUN pip3 install "lxml==4.9.1"
{%- endif %}

# For sonic-platform-common testing
RUN pip3 install redis
RUN pip3 install psutil
RUN pip3 install blkinfo

# For vs image build
RUN pip3 install pexpect==4.8.0

# For sonic-swss-common testing
RUN pip3 install Pympler==0.8

# For sonic_yang_model build
RUN pip3 install pyang==2.4.0

# For mgmt-framework build
RUN pip3 install mmh3==2.5.1

RUN pip3 install parameterized==0.8.1

# For DASH BMv2
RUN pip3 install jsonpath_ng

RUN eatmydata apt-get install -y xsltproc

# Install dependencies for isc-dhcp-relay build
RUN eatmydata apt-get -y build-dep isc-dhcp

# Install vim
RUN eatmydata apt-get install -y vim

# Install rsyslog
RUN eatmydata apt-get install -y rsyslog

{%- if CROSS_BUILD_ENVIRON == "y" %}
RUN cd /usr/src/gtest && CXX=$CROSS_CXX CC=$CROSS_CC cmake . && make -C /usr/src/gtest
{%- else %}
RUN cd /usr/src/gtest && cmake . && make -C /usr/src/gtest
{%- endif %}

RUN mkdir /var/run/sshd
EXPOSE 22

# Install dependencies for dhcp relay test
RUN pip3 install parameterized==0.8.1
RUN pip3 install pyfakefs

# Install docker engine 24 inside docker and enable experimental feature
RUN apt-get update
RUN eatmydata apt-get install -y \
           apt-transport-https \
           ca-certificates \
           curl \
           gnupg2 \
           software-properties-common
{%- if CONFIGURED_ARCH == "armhf" %}
    RUN update-ca-certificates --fresh
{%- endif %}
RUN curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
RUN add-apt-repository \
{%- if CROSS_BUILD_ENVIRON == "y" %}
           "deb  https://download.docker.com/linux/debian \
{%- else %}
           "deb [arch={{ CONFIGURED_ARCH }}] https://download.docker.com/linux/debian \
{%- endif %}
           $(lsb_release -cs) \
           stable"
RUN apt-get update
RUN eatmydata apt-get install -y docker-ce=5:24.0.2-1~debian.11~bullseye docker-ce-cli=5:24.0.2-1~debian.11~bullseye containerd.io=1.6.21-1 docker-buildx-plugin=0.10.5-1~debian.11~bullseye docker-compose-plugin=2.18.1-1~debian.11~bullseye
RUN echo "DOCKER_OPTS=\"--experimental --storage-driver=vfs {{ DOCKER_EXTRA_OPTS }}\"" >> /etc/default/docker
RUN update-alternatives --set iptables /usr/sbin/iptables-legacy

# Install m2crypto package, needed by SWI tools
RUN pip3 install m2crypto==0.36.0

# Install swi tools
RUN pip3 install git+https://github.com/aristanetworks/swi-tools.git@bead66bf261770237f7dd21ace3774ba04a017e9

{% if CONFIGURED_ARCH != "amd64" -%}
# Install node.js for azure pipeline
RUN curl -sL https://deb.nodesource.com/setup_14.x | bash -
RUN eatmydata apt-get install -y nodejs

{%- if CROSS_BUILD_ENVIRON == "y" %}
RUN eatmydata apt-get install -y rsync dh-python

RUN eatmydata apt-get install -y libelf-dev:$arch libdw-dev:$arch  libbz2-dev:$arch liblzo2-dev:$arch libedit-dev:$arch libevent-dev:$arch libopts25-dev:$arch libssl-dev:$arch pps-tools:$arch libpam-cap:$arch libcap-dev:$arch libpam0g-dev:$arch libaudit-dev:$arch libgtk-3-dev:$arch libkrb5-dev:$arch libsystemd-dev:$arch libwrap0-dev:$arch libkrb5-dev:$arch libboost1.74-dev:$arch libboost-dev:$arch libzmq5:$arch libzmq3-dev:$arch libdaemon-dev:$arch libjansson-dev:$arch libmnl-dev:$arch libsensors5:$arch libsensors4-dev:$arch libperl-dev:$arch libmariadb-dev:$arch libmariadb-dev-compat:$arch libpci-dev:$arch libjson-c-dev:$arch libreadline-dev:$arch librtr-dev:$arch librrd-dev:$arch libnetfilter-conntrack-dev:$arch libnetfilter-conntrack3:$arch libnfnetlink-dev:$arch libnftnl-dev:$arch libldap2-dev:$arch libbind-export-dev:$arch check:$arch libboost-atomic-dev:$arch libboost-test-dev:$arch libglib2.0-dev:$arch libexplain-dev:$arch libc-ares-dev:$arch libiptc0:$arch libxtables12:$arch libatm1-dev:$arch libbpf-dev:$arch libdb-dev:$arch pkg-config:$arch libnghttp2-14:$arch librtmp1:$arch libssh2-1:$arch libcjson1:$arch libcjson-dev:$arch libcurl4-openssl-dev:$arch libboost-thread1.74-dev:$arch libboost-thread-dev:$arch libboost-system1.74-dev:$arch libboost-system-dev:$arch libgtest-dev:$arch libgmock-dev:$arch libfido2-dev:$arch libcunit1:$arch libcunit1-dev:$arch libauparse-dev:$arch libnetsnmptrapd40:$arch qtbase5-dev:$arch libboost-log-dev:$arch libboost-filesystem-dev:$arch libboost-program-options-dev:$arch

RUN apt-get download libgirepository1.0-dev:$arch && eatmydata dpkg --force-all -i libgirepository1.0-dev*
RUN PATH=/python_virtualenv/env3/bin/:$PATH pip3 install pycairo

# Install libpcsclite-dev for wpasupplicant using download because regular install removes amd64 python package
RUN apt-get download libpcsclite1:$arch && eatmydata dpkg --force-all -i libpcsclite1* && apt-get download libpcsclite-dev:$arch && eatmydata dpkg --force-all -i libpcsclite-dev*
# Install python3-dev for frr (/usr/bin/python3-config for $arch) using download because regular install removes amd64 python package
RUN apt-get download python3.9-dev:$arch && apt-get download python3-dev:$arch && eatmydata dpkg --force-all -i python3*-dev*
{% endif %}

# Tell azure pipeline to use node.js in the docker
LABEL "com.azure.dev.pipelines.agent.handler.node.path"="/usr/bin/node"
{% endif -%}

# Install Bazel build system (amd64 and arm64 architectures are supported using this method)
# TODO(PINS): Remove once pre-build Bazel binaries are available for armhf (armv7l)
{%- if CONFIGURED_ARCH == "amd64" or CONFIGURED_ARCH == "arm64" %}
ARG bazelisk_url=https://github.com/bazelbuild/bazelisk/releases/latest/download/bazelisk-linux-{{ CONFIGURED_ARCH }}
RUN curl -fsSL -o /usr/local/bin/bazel ${bazelisk_url} && chmod 755 /usr/local/bin/bazel
# Bazel requires "python"
# TODO(PINS): remove when Bazel is okay with "python3" binary name
RUN eatmydata apt install -y python-is-python3
{% endif -%}
